From bf4b0cda06013549a70ed0f8e031a65d61fabfce Mon Sep 17 00:00:00 2001 From: Tad Date: Sat, 16 Dec 2017 07:11:02 -0500 Subject: [PATCH] Realtime malware scanning --- app/src/main/AndroidManifest.xml | 4 + .../spotco/malwarescanner/MainActivity.java | 4 + .../spotco/malwarescanner/MalwareScanner.java | 16 ++- .../malwarescanner/MalwareScannerService.java | 95 ++++++++++++++++++ .../res/drawable-hdpi/ic_notification.png | Bin 0 -> 485 bytes .../res/drawable-mdpi/ic_notification.png | Bin 0 -> 344 bytes .../res/drawable-xhdpi/ic_notification.png | Bin 0 -> 615 bytes .../res/drawable-xxhdpi/ic_notification.png | Bin 0 -> 968 bytes app/src/main/res/values/strings.xml | 3 + 9 files changed, 117 insertions(+), 5 deletions(-) create mode 100644 app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java create mode 100644 app/src/main/res/drawable-hdpi/ic_notification.png create mode 100644 app/src/main/res/drawable-mdpi/ic_notification.png create mode 100644 app/src/main/res/drawable-xhdpi/ic_notification.png create mode 100644 app/src/main/res/drawable-xxhdpi/ic_notification.png diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index 0329626..af5140b 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -23,6 +23,10 @@ + \ No newline at end of file diff --git a/app/src/main/java/us/spotco/malwarescanner/MainActivity.java b/app/src/main/java/us/spotco/malwarescanner/MainActivity.java index 4616183..f8bf05d 100644 --- a/app/src/main/java/us/spotco/malwarescanner/MainActivity.java +++ b/app/src/main/java/us/spotco/malwarescanner/MainActivity.java @@ -1,6 +1,7 @@ package us.spotco.malwarescanner; import android.Manifest; +import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.os.AsyncTask; 
@@ -78,6 +79,9 @@ public class MainActivity extends AppCompatActivity { }); requestPermissions(); + + Intent realtimeScanner = new Intent(this, MalwareScannerService.class); + startService(realtimeScanner); } @Override diff --git a/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java b/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java index ba1efb5..f791d1e 100644 --- a/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java +++ b/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java @@ -1,11 +1,13 @@ package us.spotco.malwarescanner; import android.app.Activity; +import android.app.Notification; import android.app.NotificationManager; import android.content.Context; import android.os.AsyncTask; import android.os.SystemClock; import android.support.v4.app.NotificationCompat; +import android.util.Log; import android.widget.TextView; import java.io.File; @@ -15,6 +17,7 @@ import java.math.BigInteger; import java.security.MessageDigest; import java.util.HashMap; import java.util.Map; +import java.util.Random; import java.util.Set; public class MalwareScanner extends AsyncTask, Object, String> { @@ -43,11 +46,14 @@ public class MalwareScanner extends AsyncTask, Object, String> { logOutput.append(result + "\n"); } else if (!userFacingOnly) { NotificationCompat.Builder mBuilder = - new NotificationCompat.Builder(context) - .setSmallIcon(R.drawable.ic_launcher_foreground) - .setContentTitle("Malware Detected!") - .setContentText(result); - notificationManager.notify(1, mBuilder.build()); + new NotificationCompat.Builder(context) + .setSmallIcon(R.drawable.ic_notification) + .setContentTitle(context.getText(R.string.lblNotificationRealtimeDetection)) + .setContentText(result) + .setPriority(Notification.PRIORITY_MAX) + .setVisibility(Notification.VISIBILITY_SECRET) + .setDefaults(Notification.DEFAULT_VIBRATE); + notificationManager.notify(new Random().nextInt(), mBuilder.build()); } } 
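Review bot: `startService(realtimeScanner)` runs straight after `requestPermissions()`, which presumably only kicks off the asynchronous storage-permission prompt (its body is outside this hunk), so on first launch the service's FileObservers are created before read access to external storage exists and may never deliver events. Starting the service from the permission-granted path, e.g. `startService(new Intent(this, MalwareScannerService.class));` in the grant branch of `onRequestPermissionsResult`, avoids a scanner that announces itself as started while watching nothing. Because this call sits in what appears to be `onCreate` (the method begins above the hunk), it also re-enters `onStartCommand` on every activity recreation, so that method needs to be idempotent.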
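Review bot: `notificationManager.notify(new Random().nextInt(), mBuilder.build())` picks an unrelated random id per detection, so two alerts can collide and the later one silently replaces the earlier; the value can also be -1, the id MalwareScannerService passes to `startForeground` in this same commit. A process-wide counter keeps every detection visible: `private static final AtomicInteger NEXT_ID = new AtomicInteger(1);` and `notificationManager.notify(NEXT_ID.getAndIncrement(), mBuilder.build());`. `VISIBILITY_SECRET` removes the alert from a secure lock screen entirely, which deserves a comment such as `// keep detection details off the lock screen; shown after unlock` if that is the intent. The enclosing method starts above the hunk.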
diff --git a/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java b/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java
new file mode 100644
index 0000000..a0e28fc
--- /dev/null
+++ b/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java
@@ -0,0 +1,95 @@
+package us.spotco.malwarescanner;
+
+import android.app.Notification;
+import android.app.NotificationManager;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Environment;
+import android.os.FileObserver;
+import android.os.IBinder;
+import android.support.v4.app.NotificationCompat;
+import android.util.Log;
+import android.widget.Toast;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Random;
+import java.util.Set;
+
+public class MalwareScannerService extends Service {
+
+ private ArrayList malwareMonitors = null;
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+
+ @Override
+ public int onStartCommand(Intent intent, int flags, int startId) {
+ if(true) {//Check if we're enabled
+ malwareMonitors = new ArrayList<>();
+ malwareMonitors.add(new MalwareMonitor(Environment.getExternalStorageDirectory().toString()));
+ malwareMonitors.add(new MalwareMonitor(getExternalFilesDir(Environment.DIRECTORY_DOWNLOADS).toString()));
+
+ for(MalwareMonitor malwareMonitor : malwareMonitors) {
+ malwareMonitor.startWatching();
+ }
+ Toast.makeText(this, "Theia: Realtime Scanning Started", Toast.LENGTH_SHORT).show();
+ setForeground();
+ } else {
+ stopSelf();
+ }
+
+ return START_STICKY;
+ }
+
+ @Override
+ public void onDestroy() {
+ for(MalwareMonitor malwareMonitor : malwareMonitors) {
+ malwareMonitor.stopWatching();
+ }
+ Toast.makeText(this, "Theia: Realtime Scanning Stopped", Toast.LENGTH_SHORT).show();
+ }
+
+ private void setForeground() {
+ NotificationManager notificationManager = (NotificationManager) this.getSystemService(Context.NOTIFICATION_SERVICE);
+
+ Notification notification =
+ new NotificationCompat.Builder(this)
+ .setSmallIcon(R.drawable.ic_notification)
+ .setContentTitle(getText(R.string.lblNotificationRealtimeTitle))
+ .setContentText(getText(R.string.lblNotificationRealtimeText))
+ .setPriority(Notification.PRIORITY_MIN)
+ .build();
+
+ startForeground(-1, notification);
+ }
+
+ private class MalwareMonitor extends FileObserver {
+
+ private String rootPath = null;
+
+ public MalwareMonitor(String path) {
+ super(path);
+ rootPath = path;
+ if(!rootPath.endsWith("/")) {
+ rootPath += "/";
+ }
+ }
+ @Override
+ public void onEvent(int eventID, String path) {
+ if(eventID == FileObserver.CLOSE_WRITE) {
+ File file = new File(rootPath + path);
+ if(file.exists() && file.length() > 0) {
+ Set filesToScan = new HashSet<>();
+ filesToScan.add(file);
+ new MalwareScanner(null, getApplicationContext(), false).execute(filesToScan);
+ }
+ }
+ }
+ }
+
+}
diff --git a/app/src/main/res/drawable-hdpi/ic_notification.png b/app/src/main/res/drawable-hdpi/ic_notification.png
new file mode 100644
index 0000000000000000000000000000000000000000..7acf080a274c35919c3498346ead5fc0a51ad82a
GIT binary patch
literal 485 zcmV(t4F-CG0js_ z6{&!G_I>y<0+(PTkRK()A4JSskrnC(CVB-&U~NWzTp>UDszM)N2P{S8Cnoe1Gd~qd zg;F6|p`Kx(o~%%Z2ENf^Q5=GU7>sD%j;v5y@`>v)=3E8el;4&WY8Vi5SbjrR$T1+~ zvV2FS5F6?eLjN+WrG`p{8wNEs3hlGprfN-84ylKvh0wPGo>@Iqo~L4LX%M<#d98U% z*dlmW6+-(qd&^>;qK>+{rXoc3_9x4!={$9~GD5iD1z)V+)qM=gf$JzCT-U)3n6f@G zE@$FwmIY^l#rUG*|Nl%NObdg#fjA3@Z$dGM%}ou1rGdB|h~NH)fWQ9{;4M^6njC|TfOs(w|AZR$ z1&F5uvHE{Z@Dr-mh!}(AfOtO;|AT6N3dB`FEP|v47x)L&D~Hbl2dLt^KpY3eY*^F~ z0uIDjFb$8IQ445mfi)2p{K0`?DbE_81!{zxhez)^s1h}N7O+Ay6-gFA%c!SNy{v>X z+g36xu!Bl(B_=mVkYT|lsB{D|7J!237O@rpg}k5`#C9}^{ z!%+Afd<@sk|Ekk(bABs20I$M#aNBfNo7%FNz#t2c!kci}rr2)>m@?&vdRcfJF2FUL z!rtIR8VkLsMmggu3s2BB+^{L+3EqOoEOGs)L471-6&oj4vg7yg8XW47!;M;& zaS{{($l7%B1)sq44mm`X6#*!8NcavPz|%eE5LH1Yz;3^H48H-)y2zmcG=K)s02*L; z0rEZo$cq4EBmn%luvHlmfDO^p=c3OQF2#ljz~TS^cDNLaA^?*%^8i%=gjbvp+21&oX9ZMGpbix$vS4fRu*-*Ial?20#dYQ4N5mGu*n;OQ$)uTZo(o0Owq2 zPUezI4E|IFfM!eF-H!DYlf5pqrvd;?#^DMVwx?>Tydo2T)>TirkczS;d3rK8B?26A z&6`3`UKIn{=FGEK^JQBJIu>TyFE9WA002ovPDHLkV1fkh B6e$1z literal 0 HcmV?d00001
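Review bot: The two directories watched in `onStartCommand` leave the public Download folder unmonitored: `getExternalFilesDir(Environment.DIRECTORY_DOWNLOADS)` is this app's own private files directory (and can return null when storage is unavailable, which would throw on `.toString()`), and FileObserver does not descend into subdirectories, so watching the storage root does not cover `Download/`. Consider `Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS)` behind a null/exists check. In `onEvent`, the equality test `eventID == FileObserver.CLOSE_WRITE` misses events that can arrive with extra flag bits set and files that land in the directory by rename; `if (path != null && (eventID & (FileObserver.CLOSE_WRITE | FileObserver.MOVED_TO)) != 0)` covers both. `onStartCommand` also replaces `malwareMonitors` on every start without calling `stopWatching()` on the previous observers, and `onDestroy` iterates the list without a null check.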
diff --git a/app/src/main/res/drawable-xxhdpi/ic_notification.png b/app/src/main/res/drawable-xxhdpi/ic_notification.png new file mode 100644 index 0000000000000000000000000000000000000000..2dc113cf4810691b5c46d2b1dadcaa22a8704286 GIT binary patch literal 968 zcmV;(12_DMP)GoNjv|}k zYw*ho`}>4qt_vN@CTj9jc|nmhsDdj~|U+ z@MHJ_oOFomm$Fn_u;Zzc@ynuS{G!um_#WIbUi${eu-^cB7fpYb6_>;Sz{;};)u z#17E9&p8+n17bi7hygJm2E>3E5CdXB42S_8Eq)~ifL2TbT8aUnC6j;_0syq0W%}RibG=&*DW*&U%0vYa&DH&MNRcrKXgETE`ZXzrO#>DYILI{3}&!rwCF=IAbB8 z2b!=mB52Xdtvy=+q3L|u;9YV40zO#q_bfFqjA7>8Pww(luJ zfo+$VZWU`##7VMv(}1}er;Q2} zBc3-Ops#8*q4(4yr~W literal 0 HcmV?d00001 diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 863d0d6..1bb7289 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -5,4 +5,7 @@ Scan App APKs Scan Internal Storage Scan External Storage + Realtime Scanner + Malware will be detected in realtime + Malware Detected!